Legal claims defining the scope of protection, as filed with the USPTO.
1. A method performed by a data processing apparatus, the method comprising:
   storing information defining a plurality of network policy groups, each network policy group having an associated policy location, an associated policy role, and one or more network usage policies that specify access permissions for resources available on a network;
   receiving first information indicating that a first client device operated by a user is connected to the network at a first physical location, and identifying a first user role associated with the user;
   identifying, from among the plurality of network policy groups, a first network policy group having both (i) an associated first policy location that corresponds to the first client device's first physical location, and (ii) an associated policy role that corresponds to the user's first user role;
   receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
   regulating the first client device's access to resources available on the network based on the one or more network usage policies associated with the identified first network policy group by determining, while the first client device is associated with the first physical location and based on receiving the first resource request, first access permissions for the first client device to the requested resource based on the one or more network usage policies associated with the identified first network policy group;
   receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the user, the second physical location of the second client device different from the first physical location;
   identifying, from among the plurality of network policy groups, a second network policy group having both (i) an associated second policy location that corresponds to the second client device's second physical location, and (ii) an associated policy role that corresponds to the user's second user role;
   receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
   determining, while the second client device is associated with the second physical location and based on receiving the second resource request, second access permissions for the second client device to the requested resource based on the one or more network usage policies associated with the identified second network policy group.
2. The method of claim 1, wherein identifying the first network policy group comprises: identifying a subset of network policy groups for the first client device using the corresponding policy role, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, wherein the policy location for each of the network policy groups in the subset of network policy groups matches the first physical location; comparing the priority information associated with each of the network policy groups from the subset of network policy groups; and selecting a highest priority network policy group from the subset of network policy groups as the first network policy group, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group.
3. The method of claim 1, wherein the first client device and the second client device are the same device.
4. The method of claim 1, wherein the first resource request comprises the first information.
5. The method of claim 1, wherein each of the network policy groups in the plurality of network policy groups is linked to one of a plurality of user roles based on a network policy group name associated with the linked network policy group matching a user role name associated with the linked user role, the first user role associated with the first client device being one of the plurality of user roles.
6. The method of claim 1, wherein the second network policy group is a default network policy group that applies to all client devices that connect to the network at the second physical location.
7. The method of claim 1, wherein the second network policy group is more restrictive than the first network policy group for at least some of the resources available on the network.
8. The method of claim 1, wherein receiving the first information comprises: receiving, from a specific network connection point on the network, client device information indicating that the first client device is connected to the specific network connection point, wherein a plurality of network connection points provide access to the network and each network connection point is associated with a network connection point location, the specific network connection point location associated with the specific network connection point identifying the first physical location, and the specific network connection point being one of the plurality of network connection points.
9. The method of claim 8, wherein the specific network connection point comprises a wireless network connection point.
10. The method of claim 1, wherein the first policy location and the first physical location both comprise the same location name.
11. A non-transitory computer storage medium encoded with instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising:
   storing information defining a plurality of network policy groups, each network policy group having an associated policy location, an associated policy role, and one or more network usage policies that specify access permissions for resources available on a network;
   receiving first information indicating that a first client device operated by a user is connected to the network at a first physical location, and identifying a first user role associated with the user;
   identifying, from among the plurality of network policy groups, a first network policy group having both (i) an associated first policy location that corresponds to the first client device's first physical location, and (ii) an associated policy role that corresponds to the user's first user role;
   receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
   regulating the first client device's access to resources available on the network based on the one or more network usage policies associated with the identified first network policy group by determining, while the first client device is associated with the first physical location and based on receiving the first resource request, first access permissions for the first client device to the requested resource based on the one or more network usage policies associated with the identified first network policy group;
   receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the user, the second physical location of the second client device different from the first physical location;
   identifying, from among the plurality of network policy groups, a second network policy group having both (i) an associated second policy location that corresponds to the second client device's second physical location, and (ii) an associated policy role that corresponds to the user's second user role;
   receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
   determining, while the second client device is associated with the second physical location and based on receiving the second resource request, second access permissions for the second client device to the requested resource based on the one or more network usage policies associated with the identified second network policy group.
12. The computer storage medium of claim 11, wherein identifying the first network policy group comprises: identifying a subset of network policy groups for the first client device using the corresponding policy role, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, wherein the policy location for each of the network policy groups in the subset of network policy groups matches the first physical location; comparing the priority information associated with each of the network policy groups from the subset of network policy groups; and selecting a highest priority network policy group from the subset of network policy groups as the first network policy group, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group.
13. The computer storage medium of claim 11, wherein the first client device and the second client device are the same device.
14. The computer storage medium of claim 11, wherein the first resource request comprises the first information.
15. The computer storage medium of claim 11, wherein each of the network policy groups in the plurality of network policy groups is linked to one of a plurality of user roles based on a network policy group name associated with the linked network policy group matching a user role name associated with the linked user role, the first user role associated with the first client device being one of the plurality of user roles.
16. The computer storage medium of claim 11, wherein the second network policy group is a default network policy group that applies to all client devices that connect to the network at the second physical location.
17. The computer storage medium of claim 11, wherein the second network policy group is more restrictive than the first network policy group for at least some of the resources available on the network.
18. The computer storage medium of claim 11, wherein receiving the first information comprises: receiving, from a specific network connection point on the network, client device information indicating that the first client device is connected to the specific network connection point, wherein a plurality of network connection points provide access to the network and each network connection point is associated with a network connection point location, the specific network connection point location associated with the specific network connection point identifying the first physical location, and the specific network connection point being one of the plurality of network connection points.
19. The computer storage medium of claim 18, wherein the specific network connection point comprises a wireless network connection point.
20. The computer storage medium of claim 11, wherein the first policy location and the first physical location both comprise the same location name.
21. A system comprising: one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
   storing information defining a plurality of network policy groups, each network policy group having an associated policy location, an associated policy role, and one or more network usage policies that specify access permissions for resources available on a network;
   receiving first information indicating that a first client device operated by a user is connected to the network at a first physical location, and identifying a first user role associated with the user;
   identifying, from among the plurality of network policy groups, a first network policy group having both (i) an associated first policy location that corresponds to the first client device's first physical location, and (ii) an associated policy role that corresponds to the user's first user role;
   receiving, from the first client device while the first client device is associated with the first physical location, a first resource request to access a resource available on the network;
   regulating the first client device's access to resources available on the network based on the one or more network usage policies associated with the identified first network policy group by determining, while the first client device is associated with the first physical location and based on receiving the first resource request, first access permissions for the first client device to the requested resource based on the one or more network usage policies associated with the identified first network policy group;
   receiving second information indicating that a second client device operated by the user is connected to the network at a second physical location, and identifying a second user role associated with the user, the second physical location of the second client device different from the first physical location;
   identifying, from among the plurality of network policy groups, a second network policy group having both (i) an associated second policy location that corresponds to the second client device's second physical location, and (ii) an associated policy role that corresponds to the user's second user role;
   receiving, from the second client device while the second client device is associated with the second physical location, a second resource request to access the resource; and
   determining, while the second client device is associated with the second physical location and based on receiving the second resource request, second access permissions for the second client device to the requested resource based on the one or more network usage policies associated with the identified second network policy group.
22. The system of claim 21, wherein identifying the first network policy group comprises: identifying a subset of network policy groups for the first client device using the corresponding policy role, each of the network policy groups in the subset of network policy groups having priority information and being one of the network policy groups in the plurality of network policy groups, wherein the policy location for each of the network policy groups in the subset of network policy groups matches the first physical location; comparing the priority information associated with each of the network policy groups from the subset of network policy groups; and selecting a highest priority network policy group from the subset of network policy groups as the first network policy group, the highest priority network policy group having a higher priority than the other network policy groups in the subset of network policy groups based on the priority information associated with the highest priority network policy group.
23. The system of claim 21, wherein the first client device and the second client device are the same device.
24. The system of claim 21, wherein the first resource request comprises the first information.
25. The system of claim 21, wherein each of the network policy groups in the plurality of network policy groups is linked to one of a plurality of user roles based on a network policy group name associated with the linked network policy group matching a user role name associated with the linked user role, the first user role associated with the first client device being one of the plurality of user roles.
26. The system of claim 21, wherein the second network policy group is a default network policy group that applies to all client devices that connect to the network at the second physical location.
27. The system of claim 21, wherein the second network policy group is more restrictive than the first network policy group for at least some of the resources available on the network.
28. The system of claim 21, wherein receiving the first information comprises: receiving, from a specific network connection point on the network, client device information indicating that the first client device is connected to the specific network connection point, wherein a plurality of network connection points provide access to the network and each network connection point is associated with a network connection point location, the specific network connection point location associated with the specific network connection point identifying the first physical location, and the specific network connection point being one of the plurality of network connection points.
29. The system of claim 28, wherein the specific network connection point comprises a wireless network connection point.
30. The system of claim 21, wherein the first policy location and the first physical location both comprise the same location name.
May 27, 2014
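
The policy-group selection recited in claims 1, 2, 6 and 8, as an added Python example that is not part of the patent text or any product's code. The names PolicyGroup, select_group and authorize, the sample data, the use of None to mark a location-wide default group, and denying a request when no group matches are all assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PolicyGroup:
    name: str
    location: str            # policy location
    role: Optional[str]      # policy role; None marks a location-wide default (assumed encoding)
    priority: int            # higher value wins (assumed ordering)
    allowed: frozenset       # resources the group's usage policies permit

# Constructed sample data: connection point -> physical location (claim 8).
CONNECTION_POINTS = {"ap-lab-01": "lab", "ap-lobby-01": "lobby"}

# Constructed sample policy groups.
GROUPS = [
    PolicyGroup("engineer", "lab", "engineer", 10,
                frozenset({"internet", "wiki", "build-server"})),
    PolicyGroup("lab-default", "lab", None, 0, frozenset({"internet", "wiki"})),
    PolicyGroup("lobby-default", "lobby", None, 0, frozenset({"internet"})),
]

def select_group(groups, location, role):
    """Claim 2: filter by location and role, then take the highest priority."""
    subset = [g for g in groups
              if g.location == location and g.role in (role, None)]
    return max(subset, key=lambda g: g.priority) if subset else None

def authorize(groups, connection_points, connection_point, role, resource):
    """Evaluate one resource request; deny when nothing matches (assumption)."""
    location = connection_points.get(connection_point)
    if location is None:
        return False         # unknown connection point: no location, no policy
    group = select_group(groups, location, role)
    return group is not None and resource in group.allowed

if __name__ == "__main__":
    # Same user role, same resource, three connection points.
    for ap in ("ap-lab-01", "ap-lobby-01", "ap-unknown"):
        print(ap, authorize(GROUPS, CONNECTION_POINTS, ap,
                            "engineer", "build-server"))
```

Because the location is derived from the connection point the device reports through, the decision is only as trustworthy as that mapping; the example denies any request arriving from a connection point it does not know.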